At present, mobile terminals can contain information over which users wish to be able to control access in order to limit the distribution thereof. This information is usually of a personal kind as it generally concerns the private life of the user.
Information to which access is liable to be subject to control includes the geographical location of the terminal and the user's availability or indeed contacts list.
In the remainder of this specification, the invention is described with reference to controlling access to the geographical location of the terminal. Of course, this choice is not limiting on the invention, which naturally extends to any other type of information contained in the terminal that the user intends to subject to control.
At present there are several approaches to locating a mobile terminal in the telecommunications network.
A first approach is to locate the terminal by identifying the cell in which it is situated. The resulting location is relatively coarse but may be refined by triangulation using a plurality of adjacent cells.
A second approach is to equip the terminal with a satellite positioning system such as the GPS (Global Positioning System). The terminal is then located relative to a plurality of satellites and not relative to the telecommunications network itself. That positioning system is accurate but costly to implement.
The third approach is a hybrid approach that consists of GPS location that is assisted by the network in the sense that, to accelerate the GPS location process, the GPS system of the terminal receives information concerning its approximate position from the network.
Of course, the invention is not limited to any one of these three approaches and extends equally to any other positioning technology.
The standards relating to locating the users of mobile telephone networks recommend that the agreement of the person to be located should be verified first, before supplying this location information to a third party requesting it. The expression “third party” may refer to an application, an individual, or a body corporate, etc. needing to know the geographical location of the user, for example a service for supplying a list of places (restaurants, cinemas, etc.) near the user's location.
The specification 3GPP-TS 23.271 version 6.7.0 release 6 is one example of a standard that defines a model architecture for managing information impacting on the private lives of users, and in particular their geographical locations if established by the telecommunications network itself, using the first above-mentioned approach to location.
In essence, the above standard provides for the presence in the network of a privacy server in which are stored conditions for access to said information that are defined in said privacy server by the user. This server is also called a privacy profile register (PPR).
The expression “access conditions” refers equally to authorization to access all or some of said information and to ways of accessing some or all of that information when access is authorized.
According to the above 3GPP standard, when an application requests the location server in the network to supply it with the location of a user, the server verifies that the application is authorized to access the information. It bases this verification on the access conditions that the user has previously defined in the privacy server. If the application is in fact authorized to know the location of the user, then the location server actually determines the user's location and communicates the result to the application that has requested it.
However, apart from the situation that has just been described relating to the 3GPP standard and in which the information server (here the location server) and the privacy server are situated in the network, there are situations in which, at the initiative of the manufacturer, equivalent servers are installed in the terminal itself. This situation is referred to above for the location server and in relation to the second and third approaches to location, which are at least partly implemented in the terminal. This also applies to the privacy server, which may be integrated into the terminal from the outset.
However, that so-called integrated solution runs the risk of inconsistency from one terminal to another, because the level of the information access conditions may vary according to the manufacturer.
Moreover, the coexistence, in the network and in the terminals, of two different and independent systems for controlling access to certain information has numerous drawbacks.
First of all, it should be pointed out that the user must manage two independent databases, each corresponding to one or the other of the privacy servers, which presupposes duplicate entries of access conditions.
Thus if the user modifies an access condition in a terminal, the modification is not taken into account in the network, and vice-versa. This results in a lack of uniformity in terms of quality of service. For example, if a user has declared on the network that he does not wish to receive local advertising messages but has omitted to declare this in his terminal, he will nevertheless receive messages of this type from applications that have access to his location via the terminal.
Finally, from the point of view of the operator, there arises the problem of its liability, which could be invoked even if it is not part of the service chain, i.e. if managing access to the information is a matter for the terminal only.